Skip to content

[Security] Renamed provider key to firewall name #37942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 26, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions UPGRADE-5.2.md
Original file line number Diff line number Diff line change
Expand Up @@ -74,3 +74,12 @@ Security

* [BC break] `AccessListener::PUBLIC_ACCESS` has been removed in favor of
`AuthenticatedVoter::PUBLIC_ACCESS`.

* Deprecated `setProviderKey()`/`getProviderKey()` in favor of `setFirewallName()/getFirewallName()`
in `PreAuthenticatedToken`, `RememberMeToken`, `SwitchUserToken`, `UsernamePasswordToken`,
`DefaultAuthenticationSuccessHandler`, the old methods will be removed in 6.0.

* Deprecated the `AbstractRememberMeServices::$providerKey` property in favor of
`AbstractRememberMeServices::$firewallName`, the old property will be removed
in 6.0.

4 changes: 4 additions & 0 deletions UPGRADE-6.0.md
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,10 @@ Security
* Removed `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`, register a listener on the `LogoutEvent` event instead.
* Removed `DefaultLogoutSuccessHandler` in favor of `DefaultLogoutListener`.
* Added a `logout(Request $request, Response $response, TokenInterface $token)` method to the `RememberMeServicesInterface`.
* Removed `setProviderKey()`/`getProviderKey()` in favor of `setFirewallName()/getFirewallName()`
in `PreAuthenticatedToken`, `RememberMeToken`, `SwitchUserToken`, `UsernamePasswordToken`,
`DefaultAuthenticationSuccessHandler`.
* Removed the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName`

TwigBundle
----------
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ protected function createAuthenticationSuccessHandler(ContainerBuilder $containe
} else {
$successHandler = $container->setDefinition($successHandlerId, new ChildDefinition('security.authentication.success_handler'));
$successHandler->addMethodCall('setOptions', [$options]);
$successHandler->addMethodCall('setProviderKey', [$id]);
$successHandler->addMethodCall('setFirewallName', [$id]);
}

return $successHandlerId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ public function testDefaultSuccessHandler($serviceId, $defaultHandlerInjection)
if ($defaultHandlerInjection) {
$this->assertEquals('setOptions', $methodCalls[0][0]);
$this->assertEquals(['default_target_path' => '/bar'], $methodCalls[0][1][0]);
$this->assertEquals('setProviderKey', $methodCalls[1][0]);
$this->assertEquals('setFirewallName', $methodCalls[1][0]);
$this->assertEquals(['foo'], $methodCalls[1][1]);
} else {
$this->assertCount(0, $methodCalls);
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Component/Security/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ CHANGELOG
* Changed `AuthorizationChecker` to call the access decision manager in unauthenticated sessions with a `NullToken`
* [BC break] Removed `AccessListener::PUBLIC_ACCESS` in favor of `AuthenticatedVoter::PUBLIC_ACCESS`
* Added `Passport` to `LoginFailureEvent`.
* Deprecated `setProviderKey()`/`getProviderKey()` in favor of `setFirewallName()/getFirewallName()` in `PreAuthenticatedToken`, `RememberMeToken`, `SwitchUserToken`, `UsernamePasswordToken`, `DefaultAuthenticationSuccessHandler`; and deprecated the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName`

5.1.0
-----
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,6 @@ public function authenticate(TokenInterface $token)
*/
public function supports(TokenInterface $token)
{
return $token instanceof PreAuthenticatedToken && $this->providerKey === $token->getProviderKey();
return $token instanceof PreAuthenticatedToken && $this->providerKey === $token->getFirewallName();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,6 @@ public function authenticate(TokenInterface $token)
*/
public function supports(TokenInterface $token)
{
return $token instanceof RememberMeToken && $token->getProviderKey() === $this->providerKey;
return $token instanceof RememberMeToken && $token->getFirewallName() === $this->providerKey;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ public function authenticate(TokenInterface $token)
*/
public function supports(TokenInterface $token)
{
return $token instanceof UsernamePasswordToken && $this->providerKey === $token->getProviderKey();
return $token instanceof UsernamePasswordToken && $this->providerKey === $token->getFirewallName();
}

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,24 +21,24 @@
class PreAuthenticatedToken extends AbstractToken
{
private $credentials;
private $providerKey;
private $firewallName;

/**
* @param string|\Stringable|UserInterface $user
* @param mixed $credentials
* @param string[] $roles
*/
public function __construct($user, $credentials, string $providerKey, array $roles = [])
public function __construct($user, $credentials, string $firewallName, array $roles = [])
{
parent::__construct($roles);

if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
if ('' === $firewallName) {
throw new \InvalidArgumentException('$firewallName must not be empty.');
}

$this->setUser($user);
$this->credentials = $credentials;
$this->providerKey = $providerKey;
$this->firewallName = $firewallName;

if ($roles) {
$this->setAuthenticated(true);
Expand All @@ -49,10 +49,21 @@ public function __construct($user, $credentials, string $providerKey, array $rol
* Returns the provider key.
*
* @return string The provider key
*
* @deprecated since 5.2, use getFirewallName() instead
*/
public function getProviderKey()
{
return $this->providerKey;
if (1 !== \func_num_args() || true !== func_get_arg(0)) {
trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
}

return $this->firewallName;
}

public function getFirewallName(): string
{
return $this->getProviderKey(true);
}

/**
Expand All @@ -78,15 +89,15 @@ public function eraseCredentials()
*/
public function __serialize(): array
{
return [$this->credentials, $this->providerKey, parent::__serialize()];
return [$this->credentials, $this->firewallName, parent::__serialize()];
}

/**
* {@inheritdoc}
*/
public function __unserialize(array $data): void
{
[$this->credentials, $this->providerKey, $parentData] = $data;
[$this->credentials, $this->firewallName, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,26 +21,26 @@
class RememberMeToken extends AbstractToken
{
private $secret;
private $providerKey;
private $firewallName;

/**
* @param string $secret A secret used to make sure the token is created by the app and not by a malicious client
*
* @throws \InvalidArgumentException
*/
public function __construct(UserInterface $user, string $providerKey, string $secret)
public function __construct(UserInterface $user, string $firewallName, string $secret)
{
parent::__construct($user->getRoles());

if (empty($secret)) {
throw new \InvalidArgumentException('$secret must not be empty.');
}

if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
if ('' === $firewallName) {
throw new \InvalidArgumentException('$firewallName must not be empty.');
}

$this->providerKey = $providerKey;
$this->firewallName = $firewallName;
$this->secret = $secret;

$this->setUser($user);
Expand All @@ -63,10 +63,21 @@ public function setAuthenticated(bool $authenticated)
* Returns the provider secret.
*
* @return string The provider secret
*
* @deprecated since 5.2, use getFirewallName() instead
*/
public function getProviderKey()
{
return $this->providerKey;
if (1 !== \func_num_args() || true !== func_get_arg(0)) {
trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
}

return $this->firewallName;
}

public function getFirewallName(): string
{
return $this->getProviderKey(true);
}

/**
Expand All @@ -92,15 +103,15 @@ public function getCredentials()
*/
public function __serialize(): array
{
return [$this->secret, $this->providerKey, parent::__serialize()];
return [$this->secret, $this->firewallName, parent::__serialize()];
}

/**
* {@inheritdoc}
*/
public function __unserialize(array $data): void
{
[$this->secret, $this->providerKey, $parentData] = $data;
[$this->secret, $this->firewallName, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,12 @@ class SwitchUserToken extends UsernamePasswordToken
/**
* @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
* @param mixed $credentials This usually is the password of the user
* @param string $providerKey The provider key
* @param string[] $roles An array of roles
*
* @throws \InvalidArgumentException
*/
public function __construct($user, $credentials, string $providerKey, array $roles, TokenInterface $originalToken)
public function __construct($user, $credentials, string $firewallName, array $roles, TokenInterface $originalToken)
{
parent::__construct($user, $credentials, $providerKey, $roles);
parent::__construct($user, $credentials, $firewallName, $roles);

$this->originalToken = $originalToken;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
class UsernamePasswordToken extends AbstractToken
{
private $credentials;
private $providerKey;
private $firewallName;

/**
* @param string|\Stringable|UserInterface $user The username (like a nickname, email address, etc.) or a UserInterface instance
Expand All @@ -30,17 +30,17 @@ class UsernamePasswordToken extends AbstractToken
*
* @throws \InvalidArgumentException
*/
public function __construct($user, $credentials, string $providerKey, array $roles = [])
public function __construct($user, $credentials, string $firewallName, array $roles = [])
{
parent::__construct($roles);

if (empty($providerKey)) {
throw new \InvalidArgumentException('$providerKey must not be empty.');
if ('' === $firewallName) {
throw new \InvalidArgumentException('$firewallName must not be empty.');
}

$this->setUser($user);
$this->credentials = $credentials;
$this->providerKey = $providerKey;
$this->firewallName = $firewallName;

parent::setAuthenticated(\count($roles) > 0);
}
Expand Down Expand Up @@ -69,10 +69,21 @@ public function getCredentials()
* Returns the provider key.
*
* @return string The provider key
*
* @deprecated since 5.2, use getFirewallName() instead
*/
public function getProviderKey()
{
return $this->providerKey;
if (1 !== \func_num_args() || true !== func_get_arg(0)) {
trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
}

return $this->firewallName;
}

public function getFirewallName(): string
{
return $this->getProviderKey(true);
}

/**
Expand All @@ -90,15 +101,15 @@ public function eraseCredentials()
*/
public function __serialize(): array
{
return [$this->credentials, $this->providerKey, parent::__serialize()];
return [$this->credentials, $this->firewallName, parent::__serialize()];
}

/**
* {@inheritdoc}
*/
public function __unserialize(array $data): void
{
[$this->credentials, $this->providerKey, $parentData] = $data;
[$this->credentials, $this->firewallName, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ public function testSupports()
;
$token
->expects($this->once())
->method('getProviderKey')
->method('getFirewallName')
->willReturn('foo')
;
$this->assertFalse($provider->supports($token));
Expand Down Expand Up @@ -65,7 +65,7 @@ public function testAuthenticate()
$token = $provider->authenticate($this->getSupportedToken('fabien', 'pass'));
$this->assertInstanceOf('Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken', $token);
$this->assertEquals('pass', $token->getCredentials());
$this->assertEquals('key', $token->getProviderKey());
$this->assertEquals('key', $token->getFirewallName());
$this->assertEquals([], $token->getRoleNames());
$this->assertEquals(['foo' => 'bar'], $token->getAttributes(), '->authenticate() copies token attributes');
$this->assertSame($user, $token->getUser());
Expand All @@ -89,7 +89,7 @@ public function testAuthenticateWhenUserCheckerThrowsException()

protected function getSupportedToken($user = false, $credentials = false)
{
$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken')->setMethods(['getUser', 'getCredentials', 'getProviderKey'])->disableOriginalConstructor()->getMock();
$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken')->setMethods(['getUser', 'getCredentials', 'getFirewallName'])->disableOriginalConstructor()->getMock();
if (false !== $user) {
$token->expects($this->once())
->method('getUser')
Expand All @@ -105,7 +105,7 @@ protected function getSupportedToken($user = false, $credentials = false)

$token
->expects($this->any())
->method('getProviderKey')
->method('getFirewallName')
->willReturn('key')
;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,10 @@ protected function getSupportedToken($user = null, $secret = 'test')
->willReturn([]);
}

$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->setMethods(['getProviderKey'])->setConstructorArgs([$user, 'foo', $secret])->getMock();
$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->setMethods(['getFirewallName'])->setConstructorArgs([$user, 'foo', $secret])->getMock();
$token
->expects($this->once())
->method('getProviderKey')
->method('getFirewallName')
->willReturn('foo');

return $token;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -202,10 +202,10 @@ public function testAuthenticatePreservesOriginalToken()

protected function getSupportedToken()
{
$mock = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken')->setMethods(['getCredentials', 'getProviderKey', 'getRoles'])->disableOriginalConstructor()->getMock();
$mock = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken')->setMethods(['getCredentials', 'getFirewallName', 'getRoles'])->disableOriginalConstructor()->getMock();
$mock
->expects($this->any())
->method('getProviderKey')
->method('getFirewallName')
->willReturn('key')
;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ public function testConstructor()
$token = new PreAuthenticatedToken('foo', 'bar', 'key', ['ROLE_FOO']);
$this->assertTrue($token->isAuthenticated());
$this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
$this->assertEquals('key', $token->getProviderKey());
$this->assertEquals('key', $token->getFirewallName());
}

public function testGetCredentials()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ public function testConstructor()
$user = $this->getUser();
$token = new RememberMeToken($user, 'fookey', 'foo');

$this->assertEquals('fookey', $token->getProviderKey());
$this->assertEquals('fookey', $token->getFirewallName());
$this->assertEquals('foo', $token->getSecret());
$this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
$this->assertSame($user, $token->getUser());
Expand Down
Loading